Sara Friedman

Sara Friedman joined Inside Cybersecurity in February 2020. Previously, she covered government IT for GCN and education technology for THE Journal and Campus Technology. She graduated from Ithaca College with bachelor’s degrees in journalism and politics.

Archived Articles
Daily News | March 30, 2023

DOD Chief Information Officer John Sherman assured lawmakers at a Thursday hearing on the rollout of the Cybersecurity Maturity Model Certification program, acknowledging it has faced delays following an internal review while committing that it will be carried out successfully.

Daily News | March 23, 2023

The Defense Department has finalized a rulemaking to revise the use of its supplier risk system platform for acquisition officials when evaluating bids for contracts, making a move that stakeholders see as a precursor for the Pentagon's Cybersecurity Maturity Model Certification program becoming part of the formal acquisition process.

Daily News | March 16, 2023

The U.S. government's transition to a zero-trust architecture will continue to be a top priority as the National Security Agency and Defense Department continue on their journey with new guidance for national security systems, while civilian agencies reveal cost estimates for the move to ZTA as part of their fiscal year 2024 budget requests.

Daily News | March 8, 2023

The Defense Department's Cybersecurity Maturity Model Certification leader Stacy Bostjanick and accreditation body CEO Matthew Travis are pushing for the entire federal government to adopt National Institute of Standards and Technology Special Publication 800-171, the Pentagon's foundational standard for handling sensitive federal data for its CMMC program, to ensure consistency between defense and civilian requirements.

Daily News | February 22, 2023

The Pentagon has updated its cybersecurity reference architecture to address mandates from the 2021 cyber executive order with a focus on zero trust and how associated principles can secure Defense Department business operations and national security systems.

Daily News | February 17, 2023

The Information Technology Industry Council wants the Defense Department to leverage the General Services Administration's FedRAMP program to help military services and agencies transition to zero trust with help from cloud service providers.

Daily News | February 17, 2023

The National Institute of Standards and Technology is offering a preview into upcoming changes to its foundational guide for organizations handling sensitive federal data.

Daily News | February 10, 2023

Rep. Mike Gallagher (R-WI), chairman of the House Armed Services cyber, information technologies and innovation subcommittee, is planning to push for legislation to create a joint collaborative environment within the Cybersecurity and Infrastructure Security Agency and address "systemically important critical infrastructure," in an effort to get two high-priority recommendations from the Cyberspace Solarium Commission into law.

Daily News | February 9, 2023

The Aerospace Industries Association raised concerns with the House Armed Services Committee over the cost of compliance with the Pentagon's Cybersecurity Maturity Model Certification program at a Wednesday hearing focused on strengthening the defense industrial base.

Daily News | February 2, 2023

Matthew Travis, CEO of the accreditation body behind the CMMC program, says he is encouraged by the Pentagon's "commitment" to move forward with establishing a cyber certification initiative for defense contractors, despite a potential shift in the rulemaking timeline.

Daily News | January 30, 2023

The accreditation body behind the Pentagon's cyber certification program has published a detailed spreadsheet outlining comments from stakeholders on the group's first assessment process guide.

Daily News | January 23, 2023

Companies should continue preparing for the launch of the Pentagon's Cybersecurity Maturity Model Certification program as the process to finalize rulemaking continues, according to program director Stacy Bostjanick, who spoke with Inside Cybersecurity in a wide-ranging interview.

Daily News | January 17, 2023

Leaders from the defense industrial base are urging the Cybersecurity and Infrastructure Security Agency to consolidate how it will collect mandatory incident reports from the sector into a single "channel" where information is shared between the Defense Department and CISA.

Daily News | January 10, 2023

Full implementation of the Pentagon's Cybersecurity Maturity Model Certification program for defense contractors will likely shift to 2024 based on revised estimates from the Defense Department in the fall 2022 unified agenda, which indicates two proposed rules are expected for release in the coming months.

Daily News | January 5, 2023

Multiple agencies are expected to act on incident reporting requirements in the new year as work to digest industry feedback continues at the Securities and Exchange Commission and Cybersecurity and Infrastructure Security Agency, while changes to federal acquisition regulations from the 2021 cyber executive order are coming along with the release of the long-awaited national cyber strategy.

Daily News | December 21, 2022

The Pentagon is planning to submit the first rulemaking under its cyber certification program in January for review by the White House Office of Management and Budget, according to a Defense Department spokeswoman, shifting the official launch timeframe farther down the road than previously expected.

Daily News | December 16, 2022

A recent guide from the National Defense Information Sharing and Analysis Center is designed to assist small and medium-size businesses with choosing a managed service provider to help reach compliance with the Pentagon's Cybersecurity Maturity Model Certification program.

Daily News | December 7, 2022

Defense contractors are having trouble complying with current cyber standards put in place in 2017, according to a recent industry survey, which puts a spotlight on the defense industrial base preparedness for the Cybersecurity Maturity Model Certification program.

Daily News | December 6, 2022

The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program is touting its progress over the past year in growing the CMMC ecosystem, while noting the number of consultants registered with the non-profit has declined due to ongoing work at the Defense Department to finalize regulations and kick off the formal program.

Daily News | November 29, 2022

A coalition of industry groups is pushing for Senate Armed Services Committee leadership to drop an amendment from the fiscal year 2023 defense authorization bill that would extend the current ban on federal contractors using equipment and services from Huawei and ZTE to include three Chinese semiconductor companies.

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.